Support for non-keyless mode for non-interactive git commit signing (e.g., CI/CD jobs that sign git commits) #288
Comments
|
Keyless can be used with non-interactive CI workflows! Our e2e tests do this on every PR 🙂 What CI provider are you targeting? We might be able to point you to some more detailed docs to get setup! |
|
Ah that sounds good -- I suppose then indeed that documentation how to do is what I'm missing. I'm using GitLab and the project I'm thinking of is https://gitlab.com/debdistutils/debdistget/ Adding this would be awesome, as I then could write a new plugin to |
|
I have great news for you - we've been working with GitLab on adding Sigstore support! 😃 We're waiting on changes to land on the Fulcio side - sigstore/fulcio#1097, sigstore/fulcio#983. We'll probably hold off on full documentation until this this is released to the public instance. Once that's live though, Gitsign already has the client support it needs in v0.6.0. 😎 build:
stage: build
id_tokens:
SIGSTORE_ID_TOKEN:
aud: sigstoreThen all you need to do in your build job is install + configure gitsign then sign commits! |
Hi. Thank you for gitsign! As far as I can tell, gitsign does not support non-interactive usage but only the keyless mode, right? If so, this is a feature request to support non-keyless mode. My use-case is CI/CD jobs that commit and push things to remote git repositories. Having these be signed with gitsign would be nice for accountability, to not only rely on a git repository write access check.
Thanks for your consideration,
Simon
The text was updated successfully, but these errors were encountered: